621 matches found
Command injection
The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL...
CVE-2020-9767
A vulnerability related to Dynamic-link Library “DLL” loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed...
Sql injection
A vulnerability related to Dynamic-link Library “DLL” loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed...
CVE-2020-9767
CVE-2020-9767 affects Zoom for Windows, involving a DLL-loading vulnerability in the Zoom Sharing Service that could allow a locally authenticated attacker with elevated privileges to run arbitrary code via a malicious DLL. Zoom addressed this in Zoom client 5.0.4 (Windows). As per sources, the i...
CVE-2020-15657
Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This...
Python DLL Loading Local Privilege Escalation
The version of Python installed on the remote Windows host is 3.6.x prior to 3.6.12, 3.7.x prior to 3.7.9, 3.8.x prior to 3.8.4, or 3.9.x prior to 3.9.0b5. It is, therefore, affected by an elevation of privilege vulnerability. A Trojan horse python3.dll might be used in cases where CPython is...
Security Vulnerabilities fixed in Thunderbird 78.1 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
Security Vulnerabilities fixed in Firefox ESR 78.1 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
CVE-2020-11081
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory, then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges, this enables...
CVE-2019-19166
Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows an attacker to cause remote code execution...
IBM Tivoli Monitoring Unauthorized Access Vulnerability
IBM Tivoli Monitoring is a set of system monitoring software from IBM in the United States. A security vulnerability exists in IBM Tivoli Monitoring versions 6.3.0 through 630 FP7 including Service Pack. The vulnerability can be exploited by an attacker to load other DLL files located in the same...
CVE-2020-8096
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204...
Malwarebytes Anti-Malware Remote Code Execution (CVE-2019-6739)
A remote code execution vulnerability exists in Malwarebytes Anti-Malware. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option regarding the DLL loading path. A remote attacker could exploit the vulnerability by enticing a us...
Bitdefender Endpoint Security Tool Code Issue Vulnerability
Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A code issue vulnerability exists in the EPSecurityService.exe file in versions prior to Bitdefender Endpoint Security Tools 6.6.11.163. The vulnerability stems from an improper desig...
CVE-2020-8601
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attacker to use the product installer to load other DLL files located in the same directory...
CVE-2020-8601
Trend Micro Vulnerability Protection 2.0 is affected by a DLL sideloading issue in the product installer that could load other DLL files located in the same directory. The vulnerability arises during installation, enabling local manipulation of loaded DLLs. Available public references describe Tr...